Sep 02 2021
I am new to KQL and struggling to find the best option to build a query for one successful login followed by X failed logins in a Y time period for the same user.
The scenario is that a user tried password guessing Y times and succeeded, a successful login was triggered, and the whole scenario is time-boxed.
Any suggestion will be appreciated.
I did find an almost similar query, https://stackoverflow.com/questions/54041200/azure-log-analytics-monitoring-successful-sign-ins-foll..., but this does not check whether the successful login came after the failed ones.
Thanks in advance.
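
One way to express the scenario asked about above, as an added example that is not part of the original post: a KQL query that keeps a successful login only when at least `failedThreshold` failures for the same user precede it inside `timeBox`. The sample table, its column names, the user names, and the two parameter values are constructed assumptions; `ResultType == "0"` is treated as success.

```kql
// Added example: constructed sample data, not real sign-in logs.
let failedThreshold = 3;   // X: minimum number of failed logins (assumed value)
let timeBox = 10m;         // Y: look-back period before the success (assumed value)
let SampleSignins = datatable(TimeGenerated:datetime, UserPrincipalName:string, ResultType:string)
[
    // alice: three failures, then a success inside the time box
    datetime(2021-09-02 10:00:00), "alice@contoso.example", "50126",
    datetime(2021-09-02 10:01:00), "alice@contoso.example", "50126",
    datetime(2021-09-02 10:02:00), "alice@contoso.example", "50126",
    datetime(2021-09-02 10:03:00), "alice@contoso.example", "0",
    // bob: the success comes first, the failures come afterwards
    datetime(2021-09-02 10:00:00), "bob@contoso.example", "0",
    datetime(2021-09-02 10:01:00), "bob@contoso.example", "50126",
    datetime(2021-09-02 10:02:00), "bob@contoso.example", "50126",
    datetime(2021-09-02 10:03:00), "bob@contoso.example", "50126",
    // carol: failures precede the success but fall outside the time box
    datetime(2021-09-02 09:00:00), "carol@contoso.example", "50126",
    datetime(2021-09-02 09:01:00), "carol@contoso.example", "50126",
    datetime(2021-09-02 09:02:00), "carol@contoso.example", "50126",
    datetime(2021-09-02 10:00:00), "carol@contoso.example", "0"
];
// One row per successful login.
let Successes = SampleSignins
    | where ResultType == "0"
    | project UserPrincipalName, SuccessTime = TimeGenerated;
// One row per failed login.
let Failures = SampleSignins
    | where ResultType != "0"
    | project UserPrincipalName, FailureTime = TimeGenerated;
Successes
// kind=inner keeps every success/failure pair; the default join kind
// (innerunique) would deduplicate the left side first.
| join kind=inner Failures on UserPrincipalName
// Keep only failures that happened BEFORE the success and within the time box.
| where FailureTime < SuccessTime and FailureTime >= SuccessTime - timeBox
| summarize FailedCount = count(),
            FirstFailure = min(FailureTime),
            LastFailure = max(FailureTime)
    by UserPrincipalName, SuccessTime
| where FailedCount >= failedThreshold
| order by SuccessTime asc
```

To run this against real data, replace `SampleSignins` with the workspace's sign-in table and add a `TimeGenerated` filter before the join so that each side of the join stays small.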